Do I understand header hashing?

[LnxPeng]

I've read the wiki multiple times, and I'm still not perfectly clear on a couple of things. I was hoping someone might be able to enlighten me on a couple of things regarding the mechanics of hashing the header?


The hashes being generated are SHA(SHA(Header)), where SHA is the SHA2-256 algorithm.

The header is described in the wiki, so I don't have problems there.

The first hash, SHA(Header) is run as thus:

The first 64 bytes (512 bits, 1st chunk) are hashed, which include the header, the previous block hash, and 3/4 of the Merkel Root hash. 64 iterations of the algorithm.

This will output 8 32bit numbers. This is the first "chunk".

The final 20 bytes have 2^8*36 added as padding (binary "1" followed by zeros to add 36 bytes), and the length of the header in bits (640) added as a 64 bit Big-Endian number (final 8 bytes)

This will also  output 8 32bit numbers. Each number from the second "chunk" is added to the first, to its corresponding number from the first chunk. This addition is done over modulo 2^32 for each number, so there's no overflow or carry.

This is the first hash.

This number is hashed again, with 2^192 plus a 64-bit big-endian number equaling "256" is appended, so the hash is padded for one chunk.

My first couple of questions trying to understand this are:

Within the final 20 bytes is the "nonce", which is iterated to find a hash which is less than a given value (the "difficulty"). I'm guessing the timestamp is dictated somehow and I can't arbitrarily change it? Do I need to update the timestamp as I'm iterating?

Thanks for any help. I'm trying to write a "reference" python program to help myself understand the mining process. If I get it to work I'll open it up as a reference code for those trying to understand the process like myself. I will be writing it for readability and simplicity, rather than for something actually used to mine for bitcoins. Thanks in advance!

[Enochian]

My first couple of questions trying to understand this are:

Within the final 20 bytes is the "nonce", which is iterated to find a hash which is less than a given value (the "difficulty"). I'm guessing the timestamp is dictated somehow and I can't arbitrarily change it? Do I need to update the timestamp as I'm iterating?

While you are iterating, trying to find a block header that hashes to something less than the current target, you increment the nonce in the header, and when that overflows, increment the extra-nonce in the coinbase script.

During iteration, the timestamp can increment, and the prior block can change, because someone else has mined a new last block at the end of the most difficult chain.  When this happens, you incorporate the new timestamp and/or prior block into your header, and you can then reset the nonces, and start incrementing them again.

This is why the extra-nonce is generally no more than one or two bytes.  Because you can keep resetting it when anything else in the header changes, and in any case, at least once a second.

[LnxPeng]

Ok, thanks for that update. I haven't heard of the "extra-nonce" before, where could I research it? I guess this means the 32 bit nonce isn't the only thing iterating?

Also, I'm assuming that I can get the bitcoind API (currently researching "getwork") to notify me when a block is changed, and can reset the loop?

So my loop would look like:

Do some iterations, check to see if block has changed.

If it has changed, reset nonce, get new header info. If not, keep iterating nonce.

Thanks for your help.

[Raistlan]

Because you can keep resetting it when anything else in the header changes, and in any case, at least once a second.

How often do you have to update the timestamp [and reset your nonce iteration]? Is it every second, such as the above implies, or are the timestamp tolerances broader than that?

[Luke-Jr]

How often do you have to update the timestamp [and reset your nonce iteration]? Is it every second, such as the above implies, or are the timestamp tolerances broader than that?

It's complicated, but sticking to the current time is usually a safe bet.

[blap]

 

[LnxPeng]

I would like to optimize the code, and if I have to poll system time to continue, it will make it slower. Does this "GetWork" API already have time included in its hash? Or can I use my system's current time once, and run a few thousand iterations without updating time?

Also, it appears that I need to check to see if the hash the thread is working on is still valid, I'm guessing the hash that needs to be worked on changes every 10 minutes approximately?

Thanks everyone for comments. I feel like I'm learning this pretty quickly, although it will be a while before I can get a working reference client going.

Thanks!